The US has publicly blamed North Korea for WannaCry, with White House Homeland Security Advisor Tom Bossert saying that “the attack was widespread and cost billions, and North Korea is directly responsible.” The dots are being connected through the activities of the Lazarus Group. The US isn’t alone; indeed, it’s late to the party, as the UK and others have made this attribution as early as June. The British Foreign Office joined, again, in fingering Pyongyang for WannaCry. The strategy here seems to be to shame North Korea and stiffen international consensus against what Washington sees as an increasingly dangerous rogue regime.
The attribution comes on the heels of a US statement of strategic policy that identifies North Korea, Iran, China, and Russia as adversaries. North Korea and Iran get strong talk; China and Russia a more nuanced but still cold treatment (Chinese and Russian observers are quick to call the document a return to the Cold War). It’s worth noting that the US hasn’t, for all of its strong words, characterized WannaCry as an act of war.
GuardiCore has published the results of its look at an organized Chinese cyber gang. They’re operating from a “coordinated infrastructure,” and they’re going after database-service servers. GuardiCore finds three attack variants, which they’re calling “the Hex-Men”: Hex, Hanako, and Taylor.
Netskope reports finding a RAT that uses Dropbox to host its payload and Telegram for command-and-control.
Security researchers and ISPs in Egypt and Latin America have successfully taken down the Satori botnet.
Products, Services, and Solutions
Janrain Delivers First Universal Integration of CIAM Event Data with SIEM Systems (markets.businessinsider.com) Janrain®, the company that pioneered the Customer Identity and Access Management (CIAM) category, today announced it is the first CIAM provider to deliver universal integration with major Security Information and Event Management (SIEM) systems such as IBM QRadar and others to provide Security Operations Center (SOC) analysts with early detection and response to a wider swath of suspicious activities and possible security threats.